| @@ -1,647 +1,650 @@ | | | @@ -1,647 +1,650 @@ |
1 | .\" $NetBSD: inetd.8,v 1.56 2009/10/24 12:23:47 reed Exp $ | | 1 | .\" $NetBSD: inetd.8,v 1.57 2011/04/25 22:12:05 wiz Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 1998 The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 1998 The NetBSD Foundation, Inc. |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | | 6 | .\" This code is derived from software contributed to The NetBSD Foundation |
7 | .\" by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, | | 7 | .\" by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, |
8 | .\" NASA Ames Research Center. | | 8 | .\" NASA Ames Research Center. |
9 | .\" | | 9 | .\" |
10 | .\" Redistribution and use in source and binary forms, with or without | | 10 | .\" Redistribution and use in source and binary forms, with or without |
11 | .\" modification, are permitted provided that the following conditions | | 11 | .\" modification, are permitted provided that the following conditions |
12 | .\" are met: | | 12 | .\" are met: |
13 | .\" 1. Redistributions of source code must retain the above copyright | | 13 | .\" 1. Redistributions of source code must retain the above copyright |
14 | .\" notice, this list of conditions and the following disclaimer. | | 14 | .\" notice, this list of conditions and the following disclaimer. |
15 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 15 | .\" 2. Redistributions in binary form must reproduce the above copyright |
16 | .\" notice, this list of conditions and the following disclaimer in the | | 16 | .\" notice, this list of conditions and the following disclaimer in the |
17 | .\" documentation and/or other materials provided with the distribution. | | 17 | .\" documentation and/or other materials provided with the distribution. |
18 | .\" | | 18 | .\" |
19 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | | 19 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
20 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | | 20 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
21 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | | 21 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
22 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | | 22 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
23 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | | 23 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
24 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 24 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
25 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 25 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
26 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 26 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
27 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 27 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
28 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 28 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
29 | .\" POSSIBILITY OF SUCH DAMAGE. | | 29 | .\" POSSIBILITY OF SUCH DAMAGE. |
30 | .\" | | 30 | .\" |
31 | .\" Copyright (c) 1985, 1991 The Regents of the University of California. | | 31 | .\" Copyright (c) 1985, 1991 The Regents of the University of California. |
32 | .\" All rights reserved. | | 32 | .\" All rights reserved. |
33 | .\" | | 33 | .\" |
34 | .\" Redistribution and use in source and binary forms, with or without | | 34 | .\" Redistribution and use in source and binary forms, with or without |
35 | .\" modification, are permitted provided that the following conditions | | 35 | .\" modification, are permitted provided that the following conditions |
36 | .\" are met: | | 36 | .\" are met: |
37 | .\" 1. Redistributions of source code must retain the above copyright | | 37 | .\" 1. Redistributions of source code must retain the above copyright |
38 | .\" notice, this list of conditions and the following disclaimer. | | 38 | .\" notice, this list of conditions and the following disclaimer. |
39 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 39 | .\" 2. Redistributions in binary form must reproduce the above copyright |
40 | .\" notice, this list of conditions and the following disclaimer in the | | 40 | .\" notice, this list of conditions and the following disclaimer in the |
41 | .\" documentation and/or other materials provided with the distribution. | | 41 | .\" documentation and/or other materials provided with the distribution. |
42 | .\" 3. Neither the name of the University nor the names of its contributors | | 42 | .\" 3. Neither the name of the University nor the names of its contributors |
43 | .\" may be used to endorse or promote products derived from this software | | 43 | .\" may be used to endorse or promote products derived from this software |
44 | .\" without specific prior written permission. | | 44 | .\" without specific prior written permission. |
45 | .\" | | 45 | .\" |
46 | .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | | 46 | .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
47 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 47 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
48 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 48 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
49 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | | 49 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
50 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 50 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
51 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 51 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
52 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 52 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
53 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 53 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
54 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 54 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
55 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 55 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
56 | .\" SUCH DAMAGE. | | 56 | .\" SUCH DAMAGE. |
57 | .\" | | 57 | .\" |
58 | .\" from: @(#)inetd.8 8.4 (Berkeley) 6/1/94 | | 58 | .\" from: @(#)inetd.8 8.4 (Berkeley) 6/1/94 |
59 | .\" | | 59 | .\" |
60 | .Dd August 27, 2008 | | 60 | .Dd August 27, 2008 |
61 | .Dt INETD 8 | | 61 | .Dt INETD 8 |
62 | .Os | | 62 | .Os |
63 | .Sh NAME | | 63 | .Sh NAME |
64 | .Nm inetd , | | 64 | .Nm inetd , |
65 | .Nm inetd.conf | | 65 | .Nm inetd.conf |
66 | .Nd internet | | 66 | .Nd internet |
67 | .Dq super-server | | 67 | .Dq super-server |
68 | .Sh SYNOPSIS | | 68 | .Sh SYNOPSIS |
69 | .Nm | | 69 | .Nm |
70 | .Op Fl d | | 70 | .Op Fl d |
71 | .Op Fl l | | 71 | .Op Fl l |
72 | .Op Ar configuration file | | 72 | .Op Ar configuration file |
73 | .Sh DESCRIPTION | | 73 | .Sh DESCRIPTION |
74 | .Nm | | 74 | .Nm |
75 | should be run at boot time by | | 75 | should be run at boot time by |
76 | .Pa /etc/rc | | 76 | .Pa /etc/rc |
77 | (see | | 77 | (see |
78 | .Xr rc 8 ) . | | 78 | .Xr rc 8 ) . |
79 | It then opens sockets according to its configuration and listens | | 79 | It then opens sockets according to its configuration and listens |
80 | for connections. | | 80 | for connections. |
81 | When a connection is found on one of its sockets, it decides what | | 81 | When a connection is found on one of its sockets, it decides what |
82 | service the socket corresponds to, and invokes a program to service | | 82 | service the socket corresponds to, and invokes a program to service |
83 | the request. | | 83 | the request. |
84 | After the program is finished, it continues to listen on the socket | | 84 | After the program is finished, it continues to listen on the socket |
85 | (except in some cases which will be described below). | | 85 | (except in some cases which will be described below). |
86 | Essentially, | | 86 | Essentially, |
87 | .Nm | | 87 | .Nm |
88 | allows running one daemon to invoke several others, | | 88 | allows running one daemon to invoke several others, |
89 | reducing load on the system. | | 89 | reducing load on the system. |
90 | .Pp | | 90 | .Pp |
91 | The options available for | | 91 | The options available for |
92 | .Nm : | | 92 | .Nm : |
93 | .Bl -tag -width Ds | | 93 | .Bl -tag -width Ds |
94 | .It Fl d | | 94 | .It Fl d |
95 | Turns on debugging. | | 95 | Turns on debugging. |
96 | .It Fl l | | 96 | .It Fl l |
97 | Turns on libwrap connection logging. | | 97 | Turns on libwrap connection logging. |
98 | .El | | 98 | .El |
99 | .Pp | | 99 | .Pp |
100 | Upon execution, | | 100 | Upon execution, |
101 | .Nm | | 101 | .Nm |
102 | reads its configuration information from a configuration | | 102 | reads its configuration information from a configuration |
103 | file which, by default, is | | 103 | file which, by default, is |
104 | .Pa /etc/inetd.conf . | | 104 | .Pa /etc/inetd.conf . |
105 | The path given for this configuration file must be absolute, unless | | 105 | The path given for this configuration file must be absolute, unless |
106 | the | | 106 | the |
107 | .Fl d | | 107 | .Fl d |
108 | option is also given on the command line. | | 108 | option is also given on the command line. |
109 | There must be an entry for each field of the configuration | | 109 | There must be an entry for each field of the configuration |
110 | file, with entries for each field separated by a tab or | | 110 | file, with entries for each field separated by a tab or |
111 | a space. | | 111 | a space. |
112 | Comments are denoted by a ``#'' at the beginning of a line. | | 112 | Comments are denoted by a ``#'' at the beginning of a line. |
113 | There must be an entry for each field (except for one | | 113 | There must be an entry for each field (except for one |
114 | special case, described below). | | 114 | special case, described below). |
115 | The fields of the configuration file are as follows: | | 115 | The fields of the configuration file are as follows: |
116 | .Pp | | 116 | .Pp |
117 | .Bd -unfilled -offset indent -compact | | 117 | .Bd -unfilled -offset indent -compact |
118 | [addr:]service-name | | 118 | [addr:]service-name |
119 | socket-type[:accept_filter] | | 119 | socket-type[:accept_filter] |
120 | protocol[,sndbuf=size][,rcvbuf=size] | | 120 | protocol[,sndbuf=size][,rcvbuf=size] |
121 | wait/nowait[:max] | | 121 | wait/nowait[:max] |
122 | user[:group] | | 122 | user[:group] |
123 | server-program | | 123 | server-program |
124 | server program arguments | | 124 | server program arguments |
125 | .Ed | | 125 | .Ed |
126 | .Pp | | 126 | .Pp |
127 | To specify an | | 127 | To specify an |
128 | .Em Sun-RPC | | 128 | .Em Sun-RPC |
129 | based service, the entry would contain these fields: | | 129 | based service, the entry would contain these fields: |
130 | .Pp | | 130 | .Pp |
131 | .Bd -unfilled -offset indent -compact | | 131 | .Bd -unfilled -offset indent -compact |
132 | service-name/version | | 132 | service-name/version |
133 | socket-type | | 133 | socket-type |
134 | rpc/protocol[,sndbuf=size][,rcvbuf=size] | | 134 | rpc/protocol[,sndbuf=size][,rcvbuf=size] |
135 | wait/nowait[:max] | | 135 | wait/nowait[:max] |
136 | user[:group] | | 136 | user[:group] |
137 | server-program | | 137 | server-program |
138 | server program arguments | | 138 | server program arguments |
139 | .Ed | | 139 | .Ed |
140 | .Pp | | 140 | .Pp |
141 | To specify a UNIX-domain (local) socket, the entry would contain | | 141 | To specify a UNIX-domain (local) socket, the entry would contain |
142 | these fields: | | 142 | these fields: |
143 | .Pp | | 143 | .Pp |
144 | .Bd -unfilled -offset indent -compact | | 144 | .Bd -unfilled -offset indent -compact |
145 | path | | 145 | path |
146 | socket-type | | 146 | socket-type |
147 | unix[,sndbuf=size][,rcvbuf=size] | | 147 | unix[,sndbuf=size][,rcvbuf=size] |
148 | wait/nowait[:max] | | 148 | wait/nowait[:max] |
149 | user[:group] | | 149 | user[:group] |
150 | server-program | | 150 | server-program |
151 | server program arguments | | 151 | server program arguments |
152 | .Ed | | 152 | .Ed |
153 | .Pp | | 153 | .Pp |
154 | For Internet services, the first field of the line may also have a host | | 154 | For Internet services, the first field of the line may also have a host |
155 | address specifier prefixed to it, separated from the service name by a colon. | | 155 | address specifier prefixed to it, separated from the service name by a colon. |
156 | If this is done, the string before the colon in the first field | | 156 | If this is done, the string before the colon in the first field |
157 | indicates what local address | | 157 | indicates what local address |
158 | .Nm | | 158 | .Nm |
159 | should use when listening for that service, or the single character | | 159 | should use when listening for that service, or the single character |
160 | .Dq \&* | | 160 | .Dq \&* |
161 | to indicate | | 161 | to indicate |
162 | .Dv INADDR_ANY , | | 162 | .Dv INADDR_ANY , |
163 | meaning | | 163 | meaning |
164 | .Sq all local addresses . | | 164 | .Sq all local addresses . |
165 | To avoid repeating an address that occurs frequently, a line with a | | 165 | To avoid repeating an address that occurs frequently, a line with a |
166 | host address specifier and colon, but no further fields, causes the | | 166 | host address specifier and colon, but no further fields, causes the |
167 | host address specifier to be remembered and used for all further lines | | 167 | host address specifier to be remembered and used for all further lines |
168 | with no explicit host specifier (until another such line or the end of | | 168 | with no explicit host specifier (until another such line or the end of |
169 | the file). | | 169 | the file). |
170 | A line | | 170 | A line |
171 | .Dl *: | | 171 | .Dl *: |
172 | is implicitly provided at the top of the file; thus, traditional | | 172 | is implicitly provided at the top of the file; thus, traditional |
173 | configuration files (which have no host address specifiers) will be | | 173 | configuration files (which have no host address specifiers) will be |
174 | interpreted in the traditional manner, with all services listened for | | 174 | interpreted in the traditional manner, with all services listened for |
175 | on all local addresses. | | 175 | on all local addresses. |
176 | .Pp | | 176 | .Pp |
177 | The | | 177 | The |
178 | .Em service-name | | 178 | .Em service-name |
179 | entry is the name of a valid service in | | 179 | entry is the name of a valid service in |
180 | the file | | 180 | the file |
181 | .Pa /etc/services . | | 181 | .Pa /etc/services . |
182 | For | | 182 | For |
183 | .Dq internal | | 183 | .Dq internal |
184 | services (discussed below), the service | | 184 | services (discussed below), the service |
185 | name | | 185 | name |
186 | .Em must | | 186 | .Em must |
187 | be the official name of the service (that is, the first entry in | | 187 | be the official name of the service (that is, the first entry in |
188 | .Pa /etc/services ) . | | 188 | .Pa /etc/services ) . |
189 | When used to specify a | | 189 | When used to specify a |
190 | .Em Sun-RPC | | 190 | .Em Sun-RPC |
191 | based service, this field is a valid RPC service name in | | 191 | based service, this field is a valid RPC service name in |
192 | the file | | 192 | the file |
193 | .Pa /etc/rpc . | | 193 | .Pa /etc/rpc . |
194 | The part on the right of the | | 194 | The part on the right of the |
195 | .Dq / | | 195 | .Dq / |
196 | is the RPC version number. | | 196 | is the RPC version number. |
197 | This can simply be a single numeric argument or a range of versions. | | 197 | This can simply be a single numeric argument or a range of versions. |
198 | A range is bounded by the low version to the high version \- | | 198 | A range is bounded by the low version to the high version \- |
199 | .Dq rusers/1-3 . | | 199 | .Dq rusers/1-3 . |
200 | .Pp | | 200 | .Pp |
201 | The | | 201 | The |
202 | .Em socket-type | | 202 | .Em socket-type |
203 | should be one of | | 203 | should be one of |
204 | .Dq stream , | | 204 | .Dq stream , |
205 | .Dq dgram , | | 205 | .Dq dgram , |
206 | .Dq raw , | | 206 | .Dq raw , |
207 | .Dq rdm , | | 207 | .Dq rdm , |
208 | or | | 208 | or |
209 | .Dq seqpacket , | | 209 | .Dq seqpacket , |
210 | depending on whether the socket is a stream, datagram, raw, | | 210 | depending on whether the socket is a stream, datagram, raw, |
211 | reliably delivered message, or sequenced packet socket. | | 211 | reliably delivered message, or sequenced packet socket. |
212 | .Pp | | 212 | .Pp |
213 | Optionally, an | | 213 | Optionally, an |
214 | .Xr accept_filter 9 | | 214 | .Xr accept_filter 9 |
215 | can be specified by appending a colon to the socket-type, followed by | | 215 | can be specified by appending a colon to the socket-type, followed by |
216 | the name of the desired accept filter. | | 216 | the name of the desired accept filter. |
217 | In this case | | 217 | In this case |
218 | .Nm | | 218 | .Nm |
219 | will not see new connections for the specified service until the accept | | 219 | will not see new connections for the specified service until the accept |
220 | filter decides they are ready to be handled. | | 220 | filter decides they are ready to be handled. |
221 | .Pp | | 221 | .Pp |
222 | The | | 222 | The |
223 | .Em protocol | | 223 | .Em protocol |
224 | must be a valid protocol as given in | | 224 | must be a valid protocol as given in |
225 | .Pa /etc/protocols | | 225 | .Pa /etc/protocols |
226 | or the string | | 226 | or the string |
227 | .Dq unix . | | 227 | .Dq unix . |
228 | Examples might be | | 228 | Examples might be |
229 | .Dq tcp | | 229 | .Dq tcp |
230 | and | | 230 | and |
231 | .Dq udp . | | 231 | .Dq udp . |
232 | Rpc based services are specified with the | | 232 | Rpc based services are specified with the |
233 | .Dq rpc/tcp | | 233 | .Dq rpc/tcp |
234 | or | | 234 | or |
235 | .Dq rpc/udp | | 235 | .Dq rpc/udp |
236 | service type. | | 236 | service type. |
237 | .Dq tcp | | 237 | .Dq tcp |
238 | and | | 238 | and |
239 | .Dq udp | | 239 | .Dq udp |
240 | will be recognized as | | 240 | will be recognized as |
241 | .Dq TCP or UDP over default IP version . | | 241 | .Dq TCP or UDP over default IP version . |
242 | It is currently IPv4, but in the future it will be IPv6. | | 242 | It is currently IPv4, but in the future it will be IPv6. |
243 | If you need to specify IPv4 or IPv6 explicitly, use something like | | 243 | If you need to specify IPv4 or IPv6 explicitly, use something like |
244 | .Dq tcp4 | | 244 | .Dq tcp4 |
245 | or | | 245 | or |
246 | .Dq udp6 . | | 246 | .Dq udp6 . |
247 | If you would like to enable special support for | | 247 | If you would like to enable special support for |
248 | .Xr faithd 8 , | | 248 | .Xr faithd 8 , |
249 | prepend a keyword | | 249 | prepend a keyword |
250 | .Dq faith | | 250 | .Dq faith |
251 | into | | 251 | into |
252 | .Em protocol , | | 252 | .Em protocol , |
253 | like | | 253 | like |
254 | .Dq faith/tcp6 . | | 254 | .Dq faith/tcp6 . |
255 | .Pp | | 255 | .Pp |
256 | In addition to the protocol, the configuration file may specify the | | 256 | In addition to the protocol, the configuration file may specify the |
257 | send and receive socket buffer sizes for the listening socket. | | 257 | send and receive socket buffer sizes for the listening socket. |
258 | This is especially useful for | | 258 | This is especially useful for |
259 | .Tn TCP | | 259 | .Tn TCP |
260 | as the window scale factor, which is based on the receive socket | | 260 | as the window scale factor, which is based on the receive socket |
261 | buffer size, is advertised when the connection handshake occurs, | | 261 | buffer size, is advertised when the connection handshake occurs, |
262 | thus the socket buffer size for the server must be set on the listen socket. | | 262 | thus the socket buffer size for the server must be set on the listen socket. |
263 | By increasing the socket buffer sizes, better | | 263 | By increasing the socket buffer sizes, better |
264 | .Tn TCP | | 264 | .Tn TCP |
265 | performance may be realized in some situations. | | 265 | performance may be realized in some situations. |
266 | The socket buffer sizes are specified by appending their values to | | 266 | The socket buffer sizes are specified by appending their values to |
267 | the protocol specification as follows: | | 267 | the protocol specification as follows: |
268 | .Bd -literal -offset indent | | 268 | .Bd -literal -offset indent |
269 | tcp,rcvbuf=16384 | | 269 | tcp,rcvbuf=16384 |
270 | tcp,sndbuf=64k | | 270 | tcp,sndbuf=64k |
271 | tcp,rcvbuf=64k,sndbuf=1m | | 271 | tcp,rcvbuf=64k,sndbuf=1m |
272 | .Ed | | 272 | .Ed |
273 | .Pp | | 273 | .Pp |
274 | A literal value may be specified, or modified using | | 274 | A literal value may be specified, or modified using |
275 | .Sq k | | 275 | .Sq k |
276 | to indicate kilobytes or | | 276 | to indicate kilobytes or |
277 | .Sq m | | 277 | .Sq m |
278 | to indicate megabytes. | | 278 | to indicate megabytes. |
279 | Socket buffer sizes may be specified for all | | 279 | Socket buffer sizes may be specified for all |
280 | services and protocols except for tcpmux services. | | 280 | services and protocols except for tcpmux services. |
281 | .Pp | | 281 | .Pp |
282 | The | | 282 | The |
283 | .Em wait/nowait | | 283 | .Em wait/nowait |
284 | entry is used to tell | | 284 | entry is used to tell |
285 | .Nm | | 285 | .Nm |
286 | if it should wait for the server program to return, | | 286 | if it should wait for the server program to return, |
287 | or continue processing connections on the socket. | | 287 | or continue processing connections on the socket. |
288 | If a datagram server connects | | 288 | If a datagram server connects |
289 | to its peer, freeing the socket so | | 289 | to its peer, freeing the socket so |
290 | .Nm | | 290 | .Nm |
291 | can receive further messages on the socket, it is said to be | | 291 | can receive further messages on the socket, it is said to be |
292 | a | | 292 | a |
293 | .Dq multi-threaded | | 293 | .Dq multi-threaded |
294 | server, and should use the | | 294 | server, and should use the |
295 | .Dq nowait | | 295 | .Dq nowait |
296 | entry. | | 296 | entry. |
297 | For datagram servers which process all incoming datagrams | | 297 | For datagram servers which process all incoming datagrams |
298 | on a socket and eventually time out, the server is said to be | | 298 | on a socket and eventually time out, the server is said to be |
299 | .Dq single-threaded | | 299 | .Dq single-threaded |
300 | and should use a | | 300 | and should use a |
301 | .Dq wait | | 301 | .Dq wait |
302 | entry. | | 302 | entry. |
303 | .Xr comsat 8 | | 303 | .Xr comsat 8 |
304 | .Pq Xr biff 1 | | 304 | .Pq Xr biff 1 |
305 | and | | 305 | and |
306 | .Xr ntalkd 8 | | 306 | .Xr ntalkd 8 |
307 | are both examples of the latter type of | | 307 | are both examples of the latter type of |
308 | datagram server. | | 308 | datagram server. |
309 | .Xr tftpd 8 | | 309 | .Xr tftpd 8 |
310 | is an exception; it is a datagram server that establishes pseudo-connections. | | 310 | is an exception; it is a datagram server that establishes pseudo-connections. |
311 | It must be listed as | | 311 | It must be listed as |
312 | .Dq wait | | 312 | .Dq wait |
313 | in order to avoid a race; | | 313 | in order to avoid a race; |
314 | the server reads the first packet, creates a new socket, | | 314 | the server reads the first packet, creates a new socket, |
315 | and then forks and exits to allow | | 315 | and then forks and exits to allow |
316 | .Nm | | 316 | .Nm |
317 | to check for new service requests to spawn new servers. | | 317 | to check for new service requests to spawn new servers. |
318 | The optional | | 318 | The optional |
319 | .Dq max | | 319 | .Dq max |
320 | suffix (separated from | | 320 | suffix (separated from |
321 | .Dq wait | | 321 | .Dq wait |
322 | or | | 322 | or |
323 | .Dq nowait | | 323 | .Dq nowait |
324 | by a dot or a colon) specifies the maximum number of server instances that may | | 324 | by a dot or a colon) specifies the maximum number of server instances that may |
325 | be spawned from | | 325 | be spawned from |
326 | .Nm | | 326 | .Nm |
327 | within an interval of 60 seconds. | | 327 | within an interval of 60 seconds. |
328 | When omitted, | | 328 | When omitted, |
329 | .Dq max | | 329 | .Dq max |
330 | defaults to 40. | | 330 | defaults to 40. |
331 | If it reaches this maximum spawn rate, | | 331 | If it reaches this maximum spawn rate, |
332 | .Nm | | 332 | .Nm |
333 | will log the problem (via the syslogger using the LOG_DAEMON | | 333 | will log the problem (via the syslogger using the |
334 | facility and LOG_ERR level) | | 334 | .Dv LOG_DAEMON |
| | | 335 | facility and |
| | | 336 | .Dv LOG_ERR |
| | | 337 | level) |
335 | and stop handling the specific service for ten minutes. | | 338 | and stop handling the specific service for ten minutes. |
336 | .Pp | | 339 | .Pp |
337 | Stream servers are usually marked as | | 340 | Stream servers are usually marked as |
338 | .Dq nowait | | 341 | .Dq nowait |
339 | but if a single server process is to handle multiple connections, it may be | | 342 | but if a single server process is to handle multiple connections, it may be |
340 | marked as | | 343 | marked as |
341 | .Dq wait . | | 344 | .Dq wait . |
342 | The master socket will then be passed as fd 0 to the server, which will then | | 345 | The master socket will then be passed as fd 0 to the server, which will then |
343 | need to accept the incoming connection. | | 346 | need to accept the incoming connection. |
344 | The server should eventually time | | 347 | The server should eventually time |
345 | out and exit when no more connections are active. | | 348 | out and exit when no more connections are active. |
346 | .Nm | | 349 | .Nm |
347 | will continue to | | 350 | will continue to |
348 | listen on the master socket for connections, so the server should not close | | 351 | listen on the master socket for connections, so the server should not close |
349 | it when it exits. | | 352 | it when it exits. |
350 | .Xr identd 8 | | 353 | .Xr identd 8 |
351 | is usually the only stream server marked as wait. | | 354 | is usually the only stream server marked as wait. |
352 | .Pp | | 355 | .Pp |
353 | The | | 356 | The |
354 | .Em user | | 357 | .Em user |
355 | entry should contain the user name of the user as whom the server should run. | | 358 | entry should contain the user name of the user as whom the server should run. |
356 | This allows for servers to be given less permission than root. | | 359 | This allows for servers to be given less permission than root. |
357 | Optionally, a group can be specified by appending a colon to the user name, | | 360 | Optionally, a group can be specified by appending a colon to the user name, |
358 | followed by the group name (it is possible to use a dot (``.'') in lieu of a | | 361 | followed by the group name (it is possible to use a dot (``.'') in lieu of a |
359 | colon, however this feature is provided only for backward compatibility). | | 362 | colon, however this feature is provided only for backward compatibility). |
360 | This allows for servers to run with a different (primary) group id than | | 363 | This allows for servers to run with a different (primary) group id than |
361 | specified in the password file. | | 364 | specified in the password file. |
362 | If a group is specified and | | 365 | If a group is specified and |
363 | .Em user | | 366 | .Em user |
364 | is not root, the supplementary groups associated with that user will still be | | 367 | is not root, the supplementary groups associated with that user will still be |
365 | set. | | 368 | set. |
366 | .Pp | | 369 | .Pp |
367 | The | | 370 | The |
368 | .Em server-program | | 371 | .Em server-program |
369 | entry should contain the pathname of the program which is to be | | 372 | entry should contain the pathname of the program which is to be |
370 | executed by | | 373 | executed by |
371 | .Nm | | 374 | .Nm |
372 | when a request is found on its socket. | | 375 | when a request is found on its socket. |
373 | If | | 376 | If |
374 | .Nm | | 377 | .Nm |
375 | provides this service internally, this entry should | | 378 | provides this service internally, this entry should |
376 | be | | 379 | be |
377 | .Dq internal . | | 380 | .Dq internal . |
378 | .Pp | | 381 | .Pp |
379 | The | | 382 | The |
380 | .Em server program arguments | | 383 | .Em server program arguments |
381 | should be just as arguments | | 384 | should be just as arguments |
382 | normally are, starting with argv[0], which is the name of | | 385 | normally are, starting with argv[0], which is the name of |
383 | the program. | | 386 | the program. |
384 | If the service is provided internally, the | | 387 | If the service is provided internally, the |
385 | word | | 388 | word |
386 | .Dq internal | | 389 | .Dq internal |
387 | should take the place of this entry. | | 390 | should take the place of this entry. |
388 | It is possible to quote an argument using either single or double quotes. | | 391 | It is possible to quote an argument using either single or double quotes. |
389 | This allows you to have, e.g., spaces in paths and parameters. | | 392 | This allows you to have, e.g., spaces in paths and parameters. |
390 | .Ss Internal Services | | 393 | .Ss Internal Services |
391 | .Nm | | 394 | .Nm |
392 | provides several | | 395 | provides several |
393 | .Qq trivial | | 396 | .Qq trivial |
394 | services internally by use of routines within itself. | | 397 | services internally by use of routines within itself. |
395 | These services are | | 398 | These services are |
396 | .Qq echo , | | 399 | .Qq echo , |
397 | .Qq discard , | | 400 | .Qq discard , |
398 | .Qq chargen | | 401 | .Qq chargen |
399 | (character generator), | | 402 | (character generator), |
400 | .Qq daytime | | 403 | .Qq daytime |
401 | (human readable time), and | | 404 | (human readable time), and |
402 | .Qq time | | 405 | .Qq time |
403 | (machine readable time, | | 406 | (machine readable time, |
404 | in the form of the number of seconds since midnight, January 1, 1900 GMT). | | 407 | in the form of the number of seconds since midnight, January 1, 1900 GMT). |
405 | For details of these services, consult the appropriate | | 408 | For details of these services, consult the appropriate |
406 | .Tn RFC . | | 409 | .Tn RFC . |
407 | .Pp | | 410 | .Pp |
408 | TCP services without official port numbers can be handled with the | | 411 | TCP services without official port numbers can be handled with the |
409 | RFC1078-based tcpmux internal service. | | 412 | RFC1078-based tcpmux internal service. |
410 | TCPmux listens on port 1 for requests. | | 413 | TCPmux listens on port 1 for requests. |
411 | When a connection is made from a foreign host, the service name | | 414 | When a connection is made from a foreign host, the service name |
412 | requested is passed to TCPmux, which performs a lookup in the | | 415 | requested is passed to TCPmux, which performs a lookup in the |
413 | service name table provided by | | 416 | service name table provided by |
414 | .Pa /etc/inetd.conf | | 417 | .Pa /etc/inetd.conf |
415 | and returns the proper entry for the service. | | 418 | and returns the proper entry for the service. |
416 | TCPmux returns a negative reply if the service doesn't exist, | | 419 | TCPmux returns a negative reply if the service doesn't exist, |
417 | otherwise the invoked server is expected to return the positive | | 420 | otherwise the invoked server is expected to return the positive |
418 | reply if the service type in | | 421 | reply if the service type in |
419 | .Pa /etc/inetd.conf | | 422 | .Pa /etc/inetd.conf |
420 | file has the prefix | | 423 | file has the prefix |
421 | .Qq tcpmux/ . | | 424 | .Qq tcpmux/ . |
422 | If the service type has the | | 425 | If the service type has the |
423 | prefix | | 426 | prefix |
424 | .Qq tcpmux/+ , | | 427 | .Qq tcpmux/+ , |
425 | TCPmux will return the positive reply for the | | 428 | TCPmux will return the positive reply for the |
426 | process; this is for compatibility with older server code, and also | | 429 | process; this is for compatibility with older server code, and also |
427 | allows you to invoke programs that use stdin/stdout without putting any | | 430 | allows you to invoke programs that use stdin/stdout without putting any |
428 | special server code in them. | | 431 | special server code in them. |
429 | Services that use TCPmux are | | 432 | Services that use TCPmux are |
430 | .Qq nowait | | 433 | .Qq nowait |
431 | because they do not have a well-known port number and hence cannot listen | | 434 | because they do not have a well-known port number and hence cannot listen |
432 | for new requests. | | 435 | for new requests. |
433 | .Pp | | 436 | .Pp |
434 | .Nm | | 437 | .Nm |
435 | rereads its configuration file when it receives a hangup signal, | | 438 | rereads its configuration file when it receives a hangup signal, |
436 | .Dv SIGHUP . | | 439 | .Dv SIGHUP . |
437 | Services may be added, deleted or modified when the configuration file | | 440 | Services may be added, deleted or modified when the configuration file |
438 | is reread. | | 441 | is reread. |
439 | .Nm | | 442 | .Nm |
440 | creates a file | | 443 | creates a file |
441 | .Em /var/run/inetd.pid | | 444 | .Em /var/run/inetd.pid |
442 | that contains its process identifier. | | 445 | that contains its process identifier. |
443 | .Ss libwrap | | 446 | .Ss libwrap |
444 | Support for | | 447 | Support for |
445 | .Tn TCP | | 448 | .Tn TCP |
446 | wrappers is included with | | 449 | wrappers is included with |
447 | .Nm | | 450 | .Nm |
448 | to provide internal tcpd-like access control functionality. | | 451 | to provide internal tcpd-like access control functionality. |
449 | An external tcpd program is not needed. | | 452 | An external tcpd program is not needed. |
450 | You do not need to change the | | 453 | You do not need to change the |
451 | .Pa /etc/inetd.conf | | 454 | .Pa /etc/inetd.conf |
452 | server-program entry to enable this capability. | | 455 | server-program entry to enable this capability. |
453 | .Nm | | 456 | .Nm |
454 | uses | | 457 | uses |
455 | .Pa /etc/hosts.allow | | 458 | .Pa /etc/hosts.allow |
456 | and | | 459 | and |
457 | .Pa /etc/hosts.deny | | 460 | .Pa /etc/hosts.deny |
458 | for access control facility configurations, as described in | | 461 | for access control facility configurations, as described in |
459 | .Xr hosts_access 5 . | | 462 | .Xr hosts_access 5 . |
460 | .Pp | | 463 | .Pp |
461 | .Em Nota Bene : | | 464 | .Em Nota Bene : |
462 | .Tn TCP | | 465 | .Tn TCP |
463 | wrappers do not affect/restrict | | 466 | wrappers do not affect/restrict |
464 | .Tn UDP | | 467 | .Tn UDP |
465 | or internal services. | | 468 | or internal services. |
466 | .Ss IPsec | | 469 | .Ss IPsec |
467 | The implementation includes a tiny hack to support IPsec policy settings for | | 470 | The implementation includes a tiny hack to support IPsec policy settings for |
468 | each socket. | | 471 | each socket. |
469 | A special form of the comment line, starting with | | 472 | A special form of the comment line, starting with |
470 | .Dq Li "#@" , | | 473 | .Dq Li "#@" , |
471 | is used as a policy specifier. | | 474 | is used as a policy specifier. |
472 | The content of the above comment line will be treated as a IPsec policy string, | | 475 | The content of the above comment line will be treated as a IPsec policy string, |
473 | as described in | | 476 | as described in |
474 | .Xr ipsec_set_policy 3 . | | 477 | .Xr ipsec_set_policy 3 . |
475 | Multiple IPsec policy strings may be specified by using a semicolon | | 478 | Multiple IPsec policy strings may be specified by using a semicolon |
476 | as a separator. | | 479 | as a separator. |
477 | If conflicting policy strings are found in a single line, | | 480 | If conflicting policy strings are found in a single line, |
478 | the last string will take effect. | | 481 | the last string will take effect. |
479 | A | | 482 | A |
480 | .Li "#@" | | 483 | .Li "#@" |
481 | line affects all of the following lines in | | 484 | line affects all of the following lines in |
482 | .Pa /etc/inetd.conf , | | 485 | .Pa /etc/inetd.conf , |
483 | so you may want to reset the IPsec policy by using a comment line containing | | 486 | so you may want to reset the IPsec policy by using a comment line containing |
484 | only | | 487 | only |
485 | .Li "#@" | | 488 | .Li "#@" |
486 | .Pq with no policy string . | | 489 | .Pq with no policy string . |
487 | .Pp | | 490 | .Pp |
488 | If an invalid IPsec policy string appears in | | 491 | If an invalid IPsec policy string appears in |
489 | .Pa /etc/inetd.conf , | | 492 | .Pa /etc/inetd.conf , |
490 | .Nm | | 493 | .Nm |
491 | logs an error message using | | 494 | logs an error message using |
492 | .Xr syslog 3 | | 495 | .Xr syslog 3 |
493 | and terminates itself. | | 496 | and terminates itself. |
494 | .Ss IPv6 TCP/UDP behavior | | 497 | .Ss IPv6 TCP/UDP behavior |
495 | If you wish to run a server for both IPv4 and IPv6 traffic, | | 498 | If you wish to run a server for both IPv4 and IPv6 traffic, |
496 | you will need to run two separate processes for the same server program, | | 499 | you will need to run two separate processes for the same server program, |
497 | specified as two separate lines in | | 500 | specified as two separate lines in |
498 | .Pa /etc/inetd.conf | | 501 | .Pa /etc/inetd.conf |
499 | using | | 502 | using |
500 | .Dq tcp4 | | 503 | .Dq tcp4 |
501 | and | | 504 | and |
502 | .Dq tcp6 | | 505 | .Dq tcp6 |
503 | respectively. | | 506 | respectively. |
504 | Plain | | 507 | Plain |
505 | .Dq tcp | | 508 | .Dq tcp |
506 | means TCP on top of the current default IP version, | | 509 | means TCP on top of the current default IP version, |
507 | which is, at this moment, IPv4. | | 510 | which is, at this moment, IPv4. |
508 | .Pp | | 511 | .Pp |
509 | Under various combination of IPv4/v6 daemon settings, | | 512 | Under various combination of IPv4/v6 daemon settings, |
510 | .Nm | | 513 | .Nm |
511 | will behave as follows: | | 514 | will behave as follows: |
512 | .Bl -bullet -compact | | 515 | .Bl -bullet -compact |
513 | .It | | 516 | .It |
514 | If you have only one server on | | 517 | If you have only one server on |
515 | .Dq tcp4 , | | 518 | .Dq tcp4 , |
516 | IPv4 traffic will be routed to the server. | | 519 | IPv4 traffic will be routed to the server. |
517 | IPv6 traffic will not be accepted. | | 520 | IPv6 traffic will not be accepted. |
518 | .It | | 521 | .It |
519 | If you have two servers on | | 522 | If you have two servers on |
520 | .Dq tcp4 | | 523 | .Dq tcp4 |
521 | and | | 524 | and |
522 | .Dq tcp6 , | | 525 | .Dq tcp6 , |
523 | IPv4 traffic will be routed to the server on | | 526 | IPv4 traffic will be routed to the server on |
524 | .Dq tcp4 , | | 527 | .Dq tcp4 , |
525 | and IPv6 traffic will go to server on | | 528 | and IPv6 traffic will go to server on |
526 | .Dq tcp6 . | | 529 | .Dq tcp6 . |
527 | .It | | 530 | .It |
528 | If you have only one server on | | 531 | If you have only one server on |
529 | .Dq tcp6 , | | 532 | .Dq tcp6 , |
530 | only IPv6 traffic will be routed to the server. | | 533 | only IPv6 traffic will be routed to the server. |
531 | The kernel may route to the server IPv4 traffic as well, | | 534 | The kernel may route to the server IPv4 traffic as well, |
532 | under certain configuration. | | 535 | under certain configuration. |
533 | See | | 536 | See |
534 | .Xr ip6 4 | | 537 | .Xr ip6 4 |
535 | for details. | | 538 | for details. |
536 | .El | | 539 | .El |
537 | .Sh FILES | | 540 | .Sh FILES |
538 | .Bl -tag -width /etc/hosts.allow -compact | | 541 | .Bl -tag -width /etc/hosts.allow -compact |
539 | .It Pa /etc/inetd.conf | | 542 | .It Pa /etc/inetd.conf |
540 | configuration file for all | | 543 | configuration file for all |
541 | .Nm | | 544 | .Nm |
542 | provided services | | 545 | provided services |
543 | .It Pa /etc/services | | 546 | .It Pa /etc/services |
544 | service name to protocol and port number mappings. | | 547 | service name to protocol and port number mappings. |
545 | .It Pa /etc/protocols | | 548 | .It Pa /etc/protocols |
546 | protocol name to protocol number mappings | | 549 | protocol name to protocol number mappings |
547 | .It Pa /etc/rpc | | 550 | .It Pa /etc/rpc |
548 | .Tn Sun-RPC | | 551 | .Tn Sun-RPC |
549 | service name to service number mappings. | | 552 | service name to service number mappings. |
550 | .It Pa /etc/hosts.allow | | 553 | .It Pa /etc/hosts.allow |
551 | explicit remote host access list. | | 554 | explicit remote host access list. |
552 | .It Pa /etc/hosts.deny | | 555 | .It Pa /etc/hosts.deny |
553 | explicit remote host denial of service list. | | 556 | explicit remote host denial of service list. |
554 | .El | | 557 | .El |
555 | .Sh SEE ALSO | | 558 | .Sh SEE ALSO |
556 | .Xr hosts_access 5 , | | 559 | .Xr hosts_access 5 , |
557 | .Xr hosts_options 5 , | | 560 | .Xr hosts_options 5 , |
558 | .Xr protocols 5 , | | 561 | .Xr protocols 5 , |
559 | .Xr rpc 5 , | | 562 | .Xr rpc 5 , |
560 | .Xr services 5 , | | 563 | .Xr services 5 , |
561 | .Xr comsat 8 , | | 564 | .Xr comsat 8 , |
562 | .Xr fingerd 8 , | | 565 | .Xr fingerd 8 , |
563 | .Xr ftpd 8 , | | 566 | .Xr ftpd 8 , |
564 | .Xr rexecd 8 , | | 567 | .Xr rexecd 8 , |
565 | .Xr rlogind 8 , | | 568 | .Xr rlogind 8 , |
566 | .Xr rshd 8 , | | 569 | .Xr rshd 8 , |
567 | .Xr telnetd 8 , | | 570 | .Xr telnetd 8 , |
568 | .Xr tftpd 8 | | 571 | .Xr tftpd 8 |
569 | .Rs | | 572 | .Rs |
570 | .%A J. Postel | | 573 | .%A J. Postel |
571 | .%R RFC | | 574 | .%R RFC |
572 | .%N 862 | | 575 | .%N 862 |
573 | .%D May 1983 | | 576 | .%D May 1983 |
574 | .%T "Echo Protocol" | | 577 | .%T "Echo Protocol" |
575 | .Re | | 578 | .Re |
576 | .Rs | | 579 | .Rs |
577 | .%A J. Postel | | 580 | .%A J. Postel |
578 | .%R RFC | | 581 | .%R RFC |
579 | .%N 863 | | 582 | .%N 863 |
580 | .%D May 1983 | | 583 | .%D May 1983 |
581 | .%T "Discard Protocol" | | 584 | .%T "Discard Protocol" |
582 | .Re | | 585 | .Re |
583 | .Rs | | 586 | .Rs |
584 | .%A J. Postel | | 587 | .%A J. Postel |
585 | .%R RFC | | 588 | .%R RFC |
586 | .%N 864 | | 589 | .%N 864 |
587 | .%D May 1983 | | 590 | .%D May 1983 |
588 | .%T "Character Generator Protocol" | | 591 | .%T "Character Generator Protocol" |
589 | .Re | | 592 | .Re |
590 | .Rs | | 593 | .Rs |
591 | .%A J. Postel | | 594 | .%A J. Postel |
592 | .%R RFC | | 595 | .%R RFC |
593 | .%N 867 | | 596 | .%N 867 |
594 | .%D May 1983 | | 597 | .%D May 1983 |
595 | .%T "Daytime Protocol" | | 598 | .%T "Daytime Protocol" |
596 | .Re | | 599 | .Re |
597 | .Rs | | 600 | .Rs |
598 | .%A J. Postel | | 601 | .%A J. Postel |
599 | .%A K. Harrenstien | | 602 | .%A K. Harrenstien |
600 | .%R RFC | | 603 | .%R RFC |
601 | .%N 868 | | 604 | .%N 868 |
602 | .%D May 1983 | | 605 | .%D May 1983 |
603 | .%T "Time Protocol" | | 606 | .%T "Time Protocol" |
604 | .Re | | 607 | .Re |
605 | .Rs | | 608 | .Rs |
606 | .%A M. Lottor | | 609 | .%A M. Lottor |
607 | .%R RFC | | 610 | .%R RFC |
608 | .%N 1078 | | 611 | .%N 1078 |
609 | .%D November 1988 | | 612 | .%D November 1988 |
610 | .%T "TCP port service Multiplexer (TCPMUX)" | | 613 | .%T "TCP port service Multiplexer (TCPMUX)" |
611 | .Re | | 614 | .Re |
612 | .Sh HISTORY | | 615 | .Sh HISTORY |
613 | The | | 616 | The |
614 | .Nm | | 617 | .Nm |
615 | command appeared in | | 618 | command appeared in |
616 | .Bx 4.3 . | | 619 | .Bx 4.3 . |
617 | Support for | | 620 | Support for |
618 | .Em Sun-RPC | | 621 | .Em Sun-RPC |
619 | based services is modeled after that | | 622 | based services is modeled after that |
620 | provided by SunOS 4.1. | | 623 | provided by SunOS 4.1. |
621 | Support for specifying the socket buffer sizes was added in | | 624 | Support for specifying the socket buffer sizes was added in |
622 | .Nx 1.4 . | | 625 | .Nx 1.4 . |
623 | In November 1996, libwrap support was added to provide | | 626 | In November 1996, libwrap support was added to provide |
624 | internal tcpd-like access control functionality; | | 627 | internal tcpd-like access control functionality; |
625 | libwrap is based on Wietse Venema's tcp_wrappers. | | 628 | libwrap is based on Wietse Venema's tcp_wrappers. |
626 | IPv6 support and IPsec hack was made by KAME project, in 1999. | | 629 | IPv6 support and IPsec hack was made by KAME project, in 1999. |
627 | .Sh BUGS | | 630 | .Sh BUGS |
628 | Host address specifiers, while they make conceptual sense for RPC | | 631 | Host address specifiers, while they make conceptual sense for RPC |
629 | services, do not work entirely correctly. | | 632 | services, do not work entirely correctly. |
630 | This is largely because the portmapper interface does not provide | | 633 | This is largely because the portmapper interface does not provide |
631 | a way to register different ports for the same service on different | | 634 | a way to register different ports for the same service on different |
632 | local addresses. | | 635 | local addresses. |
633 | Provided you never have more than one entry for a given RPC service, | | 636 | Provided you never have more than one entry for a given RPC service, |
634 | everything should work correctly (Note that default host address | | 637 | everything should work correctly (Note that default host address |
635 | specifiers do apply to RPC lines with no explicit specifier.) | | 638 | specifiers do apply to RPC lines with no explicit specifier.) |
636 | .Pp | | 639 | .Pp |
637 | .Dq tcpmux | | 640 | .Dq tcpmux |
638 | on IPv6 is not tested enough. | | 641 | on IPv6 is not tested enough. |
639 | .Sh SECURITY CONSIDERATIONS | | 642 | .Sh SECURITY CONSIDERATIONS |
640 | Enabling the | | 643 | Enabling the |
641 | .Dq echo , | | 644 | .Dq echo , |
642 | .Dq discard , | | 645 | .Dq discard , |
643 | and | | 646 | and |
644 | .Dq chargen | | 647 | .Dq chargen |
645 | built-in trivial services is not recommended because remote | | 648 | built-in trivial services is not recommended because remote |
646 | users may abuse these to cause a denial of network service to | | 649 | users may abuse these to cause a denial of network service to |
647 | or from the local host. | | 650 | or from the local host. |
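Review bot: The SECURITY CONSIDERATIONS text at new lines 642-650 warns against enabling echo, discard and chargen but does not point back to the Nota Bene in the libwrap subsection (new lines 464-468), which states that TCP wrappers do not affect or restrict UDP or internal services. A reader could otherwise assume that /etc/hosts.allow and /etc/hosts.deny limit who can reach these built-ins; suggest adding a sentence here saying that the access control files are not a mitigation for them. Three wording nits in the unchanged context could be fixed in the same pass: "a IPsec policy string" (new line 475) should read "an IPsec policy string", "Under various combination" (new line 512) should read "combinations", and the BUGS sentence "everything should work correctly (Note that" (new line 637) needs a period before the parenthesis.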